computer safety and security lori m. bennett information security officer
TRANSCRIPT
Computer Safety
and Security
Lori M. BennettInformation Security Officer
The Internet = A World of Opportunties
A myriad of information is at your fingertips
• A way to communicate with colleagues, friends, and family
• Access to information and entertainment
• A means to learn, meet people, and explore
04/19/23Frostburg State University
Office of Information Technology
Frostburg State University Office of Information Technology
04/19/23
““With great With great power there power there must also must also come great come great responsibilitresponsibility” y”
-Stan Lee-Stan Lee
Online Security vs Online Safety
Security: We must secure our computers with technology in the same way that we secure the doors to our homes.
Safety: We must act in ways that help protect us against the risks that come with Internet use.
04/19/23Frostburg State University
Office of Information Technology
Primary Online Risks and Threats
04/19/23Frostburg State University
Office of Information Technology
To PersonalInformation(Safety)• Online fraud and
phishing
• Hoaxes
• Identity theft
• Spam
To Computers
(Security)• Viruses • Worms • Trojans• Spyware
• Adware
Primary Threats to Computer Security
04/19/23Frostburg State University
Office of Information Technology
Viruses/WormsSoftware programs designed to invade your computer, and copy, damage, or delete your data.
TrojansViruses that pretend to be helpful programs while destroying your data, damaging your computer, and stealing your personal information.
Spyware/AdwareSoftware that tracks your online activities or displays endless ads.
Four Steps to Help Protect Your Computer
04/19/23Frostburg State University
Office of Information Technology
Turn on Windows Internet firewall
Use Microsoft Update to keep Windows
up-to-date automatically
Install and maintain antispyware software
Install and maintain antivirus software
Turn on Windows Internet Firewall
• The firewall helps create a protective barrier between your computer and the internet
• Some antivirus programs also come with a firewall
04/19/23Frostburg State University
Office of Information Technology
04/19/23Frostburg State University
Office of Information Technology
Click Start, Control Panel, Windows Firewall, then “Turn Windows Firewall on or off”
Select “Turn on Windows Firewall” for all networks
Use Automatic Updates to Keep Software Up-to-date
• Install all updates as soon as they are available
• Automatic updates provide the best protection
• Enabled by default on FSU computers
04/19/23Frostburg State University
Office of Information Technology
04/19/23Frostburg State University
Office of Information Technology
Click Start, Control Panel, then Windows Update, and “Change Settings”
Select “Install updates
automatically”Notice the install
time and be sure your computer is turned on
Or visit http://update.microsoft.com
Also keep Java, Flash, and other add-on programs up to date
• These programs will prompt you when updates are available
• Always install as soon as possible
04/19/23Frostburg State University
Office of Information Technology
Install and Maintain Antivirus Software
04/19/23Frostburg State University
Office of Information Technology
• Antivirus software helps to detect and remove computer viruses before they can cause damage.
• For antivirus software to be effective, you must keep it up-to-date.
Don’t let it expire
Install and Maintain Antispyware Software
• Use antispyware software, such as Malware Bytes, so unknown software cannot track your online activity and potentially steal your information.•Many antivirus programs now include antispyware
04/19/23Frostburg State University
Office of Information Technology
Malware Bytes
Free download from: https://www.malwarebytes.org
Should be updated and run regularly just as you would your antivirus program
04/19/23Frostburg State University
Office of Information Technology
Other Ways to Help Protect Your Computer
Back up your files regularly
Read Web site privacy statements and EULA’s
Close pop-ups using Alt+F4
Think before you click04/19/23
Frostburg State University Office of Information Technology
Back up Your Files
At FSU, make sure to store important information on network drives
Save to CD/DVD, a USB drive, or other external source
Use a Web-based backup service such as http://www.onedrive.com
04/19/23Frostburg State University
Office of Information Technology
Read Privacy Statements
Understand what you are getting before you agree to download or share your personal information
Read End User License Agreements (EULA’s) before clicking “Agree” or “Accept”
04/19/23Frostburg State University
Office of Information Technology
Use the Alt+F4 to Close Pop-ups
Never click “yes,” “accept,” or even “cancel” or “abort” because it could be a trick that installs software on your computer.
04/19/23Frostburg State University
Office of Information Technology
Always press Alt+F4 on your keyboard to close pop-ups
Think Before You Click
04/19/23Frostburg State University
Office of Information Technology
Be cautious with e-mail attachments and links
Only download files from Web sites you trust
Use a web site advisor program such as McAfee Site Advisor
04/19/23Frostburg State University
Office of Information Technology
Download free from http://www.siteadvisor.com
Internet Explorer Settings
Open Internet Explorer and click the cog in the upper right corner, then Internet Options
Security level for Internet should be at least Medium-High (or click Default Level)
04/19/23Frostburg State University
Office of Information Technology
Primary Threats to Personal Online Safety
04/19/23Frostburg State University
Office of Information Technology
SpamUnwanted e-mail, instant messages, and other online communication
PhishingE-mail sent by online criminals to trick you into going to fake Web sites and revealing personal informationIdentity
TheftA crime where con artists get your personal information and access your cash and/or credit
HoaxesE-mail sent by online criminals to trick you into giving them money
Three Steps to Help Protect Your Personal Information
04/19/23Frostburg State University
Office of Information Technology
Practice Internet behavior that lowers your risk Manage your personal information carefullyUse technology to reduce nuisances, and raise the alarm when appropriate
Practice Internet Behaviors that Help Reduce Your Risk
Look for ways to reduce spam
Be on the lookout for online scams
Use strong passwords
04/19/23Frostburg State University
Office of Information Technology
Ways to Reduce Spam
You usually can tell a spam message by it’s title, so never open those messages, delete them right away!
Never reply to a spam message or click their “remove me” links- it will generate MORE spam
Create a free online email account (Yahoo, MSN, Gmail) and use that account for offers online
04/19/23Frostburg State University
Office of Information Technology
Avoid Online Scams
Seven telltale signs of a scam:
1.You don't know the person and they are not with a reputable company.2.You are promised untold sums of money for little or no effort on your
part.3.You are asked to provide money up front for questionable activities, a
processing fee, or to pay the cost of expediting the process.4.You are asked to provide your bank account number or other personal
financial information, even if the sender offers to deposit money into it.5.The request contains a sense of urgency.6.The person repeatedly requests confidentiality.7.The person offers to send you photocopies of government certificates,
banking information, or other "evidence" that their activity is legitimate (these are fake).
04/19/23Frostburg State University
Office of Information Technology
Use Strong Passwords
http://www.microsoft.com/protect/yourself/password/checker.mspx
04/19/23Frostburg State University
Office of Information Technology
How secure is your password???
Choosing secure passwords
Use your name or your Username in any formUse your spouse's, child's or pet’s nameUse other information easily obtained about
you (License plate, telephone, or social security numbers, brand of your automobile, street address, etc.)
Use words found in dictionaries
04/19/23Frostburg State University
Office of Information Technology
Do Not:
Choosing secure passwords
Use a password with mixed-case alphabetic charactersUse a password with non-alphabetic characters (e.g.,
digits or punctuation)Use a password that is easy to remember, so you don't
have to write it down Try using a the first letter of each word in a long
phrase, then substitute caps and symbols
04/19/23Frostburg State University
Office of Information Technology
Do:
Choosing a secure password
johnd, dnhoj, johndjohnd, JOHND, ABC123D, StarWars, 0123456789, xxx999, mydogRover, truck, ILoveTom
04/19/23Frostburg State University
Office of Information Technology
Examples of Bad Passwords:
Examples of Good Passwords: WAter5, Si11ymE, Ez24get, Mt4bwY
FSU Password Requirements
Password must be a minimum length of eight characters
Password cannot contain all or part of your User name
At least 10 unique passwords must be used before a password can be reused
Password must contain a combination of three of the following categories: uppercase characters (A thru Z), lowercase characters (a thru z), numeric (1 thru 9), and non-alphabetic characters (!,@,#,$,%, etc.)
04/19/23Frostburg State University
Office of Information Technology
Manage Personal Information Carefully
Do not share personal information in e-mail or instant messages
Use only secure and trusted Web sites
Make sure you are where you think you are: Web sites can be faked
Avoid financial transactions over unsecured wireless networks
When in public, stay private
04/19/23Frostburg State University
Office of Information Technology
Have you been Phished?
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.
Phishers send an email to get you to go to a web site where you are fooled into exposing your passwords or even banking information so they can take the money in your account.
04/19/23Frostburg State University
Office of Information Technology
04/19/23
Frostburg State University Office of Information Technology
Frostburg State University Office of Information Technology
Sample Phishing email from a bank
04/19/23
Frostburg State University Office of Information Technology
Frostburg State University Office of Information Technology
Sample Phishing email sent to FSU users
From: Webmaster [mailto:[email protected]] Sent: Thursday, March 10, 2011 5:25 AMSubject: User Quarantine Release Notification Hello, We are carrying out a routine quarantine exercise . we have started our yearly server (inactive email-accounts / spam protecting etc) clean-up process to enable service upgrade/migration efficiency. Please be informed that your account usage will be fully restricted if you do not adhere to this notice. You are to provide your account details for immediate Quarantine by clicking on your reply button to respond as follows (This will confirm your account login/usageFrequency / account continuation potentials): *Username:*Password:*Alternate Email: All IT Service utilities will not be altered during this period, This will not affect the operation of your IT service systems or the manner in which you currently login to your account. Account access and usage will be disabled if you fail to comply as required. Help DeskInformation Technology © 2011 All rights reserved
Ways to Tell that an Email Message is Fraudulent
Phrases to look for:"Verify your account." "If you don't respond within 48 hours, your
account will be closed." "Dear Valued Customer." "Click the link below to gain access to your
account."
04/19/23Frostburg State University
Office of Information Technology
How to Protect Yourself
Never follow links or call phone numbers listed in an email. Type the company’s URL directly in a new browser window, or call the number listed on your statement.
When in doubt, delete. Delete any email you have doubts about, especially one that requests you to give up your personal, private information.
If you feel the email looks suspicious, report the email to the 'real' company.
04/19/23Frostburg State University
Office of Information Technology
How to shop online more safely
Before you select a store: Do a background check. Look for a physical address (not
a Post Office box), request a catalog by mail, or call and talk to a company representative.
Explore the Web site for third-party seals of approval such as:
BBBOnline (Better Business Bureau Online) or TRUSTe Find out what other shoppers have to say (Epinions or
Bizrate) Review their shipping methods and policies
04/19/23Frostburg State University
Office of Information Technology
Before You Enter a Credit Card Number
The company should only require personal information that's necessary to complete the purchase (you will probably enter your credit card number, address, and telephone number).
The Web site should use secure technology. When you get to the screen where you enter your credit card number or other personal information, make sure that the Web address begins with https (for example, https://www.tailspintoys.com) and check to see if a tiny locked padlock appears next to the URL.
04/19/23Frostburg State University
Office of Information Technology
04/19/23Frostburg State University
Office of Information Technology
Use Public Wireless Networks More Safely
If a wireless network is unsecured:
Use a firewallDon't type in credit
card numbers or passwords
Turn off your wireless network when you're not using it
04/19/23Frostburg State University
Office of Information Technology
Check your Social Network settings
Do you know what other people can see on your Facebook or Twitter page?
Be careful what you post
“If you can’t say something nice, don’t say nothing at all”
Google yourself!04/19/23
Frostburg State University Office of Information Technology
04/19/23Frostburg State University
Office of Information Technology
04/19/23Frostburg State University
Office of Information Technology
Secure Your Wireless at Home
It's one thing to let a neighbor borrow your lawn mower, but you should think twice about allowing anyone to access your home network!
Out of the box, many wireless routers are completely unsecured
04/19/23Frostburg State University
Office of Information Technology
Wireless networks often extend more than 300 feet from your wireless router.
Tips for Wireless Home Network Security
Change Default Administrator Passwords (and Usernames)
Turn on (Compatible) WPA / WPA2 Encryption Change the Default SSID Disable SSID Broadcast Enable Firewalls On Each Computer and the Router Position the Router or Access Point Safely Turn Off the Network During Extended Periods of
Non-Use Change passwords and WPA / WPA2 keys regularly
04/19/23Frostburg State University
Office of Information Technology
For More Information
04/19/23Frostburg State University
Office of Information Technology
http://www.staysafeonline.orgwww.getnetwise.orghttps://www.us-cert.gov/home-and-businesswww.microsoft.com/protect/default.mspx www.microsoft.com/protect/yourself/password/create.mspxhttp://www.microsoft.com/security/online-privacy/email.aspx